Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

0.11.0 release candidate 1 #1925

Closed
wants to merge 4 commits into from
Closed

0.11.0 release candidate 1 #1925

wants to merge 4 commits into from

Conversation

SWilson4
Copy link
Member

praveksharma and others added 4 commits September 13, 2024 22:17
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
@SWilson4 SWilson4 requested a review from dstebila as a code owner September 13, 2024 23:10
Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I'm not asked for review, but there's at least one comment I have to make: Shouldn't this trigger all CI?

@SWilson4 SWilson4 requested review from a team September 14, 2024 13:03
@SWilson4
Copy link
Member Author

OK, I'm not asked for review, but there's at least one comment I have to make: Shouldn't this trigger all CI?

You certainly should have been; I simply missed adding reviewers. :)

It triggered the extended and oqs-provider release tests as well as all of the standard (PR) tests. The former don't show up here since they were triggered by the release event and not by the pull_request event.

Here's the liboqs run:
https://github.com/open-quantum-safe/liboqs/actions/runs/10857298451

and here's the downstream run in provider:
https://github.com/open-quantum-safe/oqs-provider/actions/runs/10857300499

Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But is this meant to land or only when final?

@beldmit
Copy link
Contributor

beldmit commented Sep 14, 2024

Do you plan to land the final version of ML-DSA later or the current version is already the final one?

@baentsch
Copy link
Member

Do you plan to land the final version of ML-DSA later or the current version is already the final one?

Later on, see #1919. The current version is still 'ipd'.

@beldmit
Copy link
Contributor

beldmit commented Sep 14, 2024

Great! Do you plan to land it in 0.11 or later?

@baentsch
Copy link
Member

Decision was to push it to 0.12.0.

@beldmit
Copy link
Contributor

beldmit commented Sep 14, 2024

Thanks for clarification!


This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of [FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) and [FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd), respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
Copy link
Member

@dstebila dstebila Sep 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).

Copy link
Member

@dstebila dstebila left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! One suggestion for wording around Kyber Round 3 but otherwise good to go.

@SWilson4
Copy link
Member Author

LGTM. But is this meant to land or only when final?

Only when final.

Looks good! One suggestion for wording around Kyber Round 3 but otherwise good to go.

Perfect, I'll make the change in the release notes when updating the version string to remove "-rc1".

@baentsch
Copy link
Member

As discussed yesterday (to give feedback on testing intentions) I don't see a good reason to test this with oqsprovider until we have re-established functional parity with CF again, see also openssl/project#844. Realistically I don't see a risk there though, just need to wait a bit until @bhess is back from ICMC. Any other thoughts, @SWilson4 @praveksharma (also as I'm looking to you for doing the actual oqsprovider release as well as any possible further downstream releases)?

@SWilson4
Copy link
Member Author

In an in-person meeting with @dstebila and @praveksharma earlier this week, we agreed to hold 0.11.0 until open-quantum-safe/oqs-provider#503 / open-quantum-safe/oqs-provider#524 are resolved / tested to enable thorough testing of ML-KEM.

@dstebila dstebila added this to the 0.11.0 milestone Sep 23, 2024
@@ -14,117 +14,118 @@ liboqs can be used with the following Open Quantum Safe application integrations
- **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

liboqs-java was deleted in error; reminder to add it back when preparing the final release.

@praveksharma praveksharma mentioned this pull request Sep 27, 2024
@SWilson4
Copy link
Member Author

Closing as #1939 has landed.

@SWilson4 SWilson4 closed this Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants